1. A method of accessing an information processing network, comprising the steps of:

a) initializing a database, an approved list, and a disapproved list, where the database
contains rules for allowing and denying access to the information processing network, where the 
approved list includes approvals of connectionless network packets, and where the disapproved 
list includes disapprovals of connectionless network packets; 

b) receiving a connectionless network packet; 

c) computing a flow tag based on the connectionless network packet; 

d) discarding the connectionless network packet and returning to step (b) if the flow tag is 
on the disapproved list; 

e) allowing the connectionless network packet access to the information processing 
network and returning to step (b) if the flow tag is on the approved list; 

f) comparing the flow tag to the database if the flow tag is not on the approved list and is 
not on the disapproved list; 

g) discarding the connectionless network packet, adding the flow tag to the disapproved 
list, and returning to step (b) if the database rejects the flow tag; and

h) allowing the connectionless network packet access to the information processing 
network, adding the flow tag to the approved list, and returning to step (b) if the database accepts 
the flow tag. 

2. The method of claim 1, wherein said step of computing a flow tag is comprised of the steps of:

a) extracting from the connectionless network packet a user-definable number of bits
from a connectionless network source address, a connectionless network destination address, a
connectionless network protocol, an upper layer protocol header if included in the connectionless
network packet, and application layer data;

b) substituting all zeros for the upper layer protocol layer if none is included in the
connectionless network packet;

c) setting a user-definable number and location of bits in the result of the last step to zero;
and

d) computing a flow tag address.

3. The method of claim 2, where said step of computing a flow tag address is comprised of the 
steps of: 

a) setting a zeroth bit of the flow tag address to $f_0 = s_0 \oplus s_{14} \oplus s_{28} \oplus d_{13} \oplus d_{27} \oplus h_0 \oplus h_{16}$,
where $\oplus$ is a bitwise exclusive-or operation, $f_i$ is the ith bit of the flow tag address, where $s_i$ is the
ith bit of a connectionless network source address, where $d_i$ is the ith bit of a connectionless
network destination address, where $p_i$ is the ith bit of a connectionless network protocol, and
where $h_i$ is the ith bit of the upper layer protocol header;

b) setting a first bit of the flow tag address to $f_1 = s_1 \oplus s_{15} \oplus s_{29} \oplus d_{12} \oplus d_{26} \oplus h_1 \oplus h_{17}$;

c) setting a second bit of the flow tag address to $f_2 = s_2 \oplus s_{16} \oplus s_{30} \oplus d_{11} \oplus d_{25} \oplus h_2 \oplus h_{18} \oplus p_0$;

d) setting a third bit of the flow tag address to $f_3 = s_3 \oplus s_{17} \oplus s_{31} \oplus d_{10} \oplus d_{24} \oplus h_3 \oplus h_{19} \oplus p_1$;

e) setting a fourth bit of the flow tag address to $f_4 = s_4 \oplus s_{18} \oplus d_9 \oplus d_{23} \oplus h_4 \oplus h_{20} \oplus p_2$;

f) setting a fifth bit of the flow tag address to $f_5 = s_5 \oplus s_{19} \oplus d_8 \oplus d_{22} \oplus h_5 \oplus h_{21} \oplus p_3$;

g) setting a sixth bit of the flow tag address to $f_6 = s_6 \oplus s_{20} \oplus d_7 \oplus d_{21} \oplus h_6 \oplus h_{22} \oplus h_{28} \oplus p_4$;

h) setting a seventh bit of the flow tag address to $f_7 = s_7 \oplus s_{21} \oplus d_6 \oplus d_{20} \oplus h_7 \oplus h_{23} \oplus h_{29} \oplus p_5$;

i) setting an eighth bit of the flow tag address to $f_8 = s_8 \oplus s_{22} \oplus d_5 \oplus d_{19} \oplus h_8 \oplus h_{24} \oplus h_{30} \oplus p_6$;

j) setting a ninth bit of the flow tag address to $f_9 = s_9 \oplus s_{23} \oplus d_4 \oplus d_{18} \oplus h_9 \oplus h_{25} \oplus h_{31} \oplus p_7$;

k) setting a tenth bit of the flow tag address to $f_{10} = s_{10} \oplus s_{24} \oplus d_3 \oplus d_{17} \oplus d_{31} \oplus h_{10} \oplus h_{26}$;

l) setting an eleventh bit of the flow tag address to $f_{11} = s_{11} \oplus s_{25} \oplus d_2 \oplus d_{16} \oplus d_{30} \oplus h_{11} \oplus h_{27}$;

m) setting a twelfth bit of the flow tag address to $f_{12} = s_{12} \oplus s_{26} \oplus d_1 \oplus d_{15} \oplus d_{29} \oplus h_{12} \oplus h_{14}$; and

n) setting a thirteenth bit of the flow tag address to $f_{13} = s_{13} \oplus s_{27} \oplus d_0 \oplus d_{14} \oplus d_{28} \oplus$ [illegible] $\oplus h_{15}$.

4. The method of claim 1, wherein the step of discarding the connectionless network packet, adding
the flow tag to the disapproved list, and returning to step (b) if the database rejects the flow tag is
comprised of the steps of:

a) comparing the flow tag to any data stored on the disapproved list at the flow tag
address;

b) determining that the flow tag is on the disapproved list if a match occurred in the last
step;

c) discarding the connectionless network packet; 

d) adding the flow tag to the disapproved list; and 

e) returning to step (b). 

5. The method of claim 1, wherein the step of allowing the connectionless network packet access to
the information processing network, adding the flow tag to the approved list, and returning to
step (b) if the database accepts the flow tag is comprised of the steps of:

a) comparing the flow tag to any data stored on the approved list at the flow tag address;

b) determining that the flow tag is on the approved list if a match occurred in the last
step;

c) allowing the connectionless network packet access to the information processing 
network; 

d) adding the flow tag to the approved list; and 

e) returning to step (b). 
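
The lookup procedure of claims 1 to 5, as an added Python sketch that is not code from the patent: the 14-bit flow tag address of claim 3 indexes two direct-mapped lists, and the rule database is consulted only on a miss. Assumptions: bit 0 is the least significant bit, `hdr` is the first 32 bits of the upper layer header, the term illegible in step (n) of claim 3 is taken to be h13, no bits are masked, a colliding tag overwrites its slot, and the names `flow_tag_address`, `FlowFilter`, `handle` and the `(network, allow)` rule list are hypothetical stand-ins.

```python
from ipaddress import ip_address

def bit(v, i):
    return (v >> i) & 1

def flow_tag_address(s, d, p, h):
    """Claim 3 fold; assumed: bit 0 is the LSB, illegible term of step (n) is h13."""
    addr = 0
    for i in range(14):
        f = bit(s, i) ^ bit(s, i + 14) ^ bit(d, 13 - i) ^ bit(d, 27 - i) ^ bit(h, i)
        if i <= 3:
            f ^= bit(s, i + 28)            # s28..s31
        if i >= 10:
            f ^= bit(d, 41 - i)            # d31..d28
        if i <= 11:
            f ^= bit(h, i + 16)            # h16..h27
        if 6 <= i <= 9:
            f ^= bit(h, i + 22)            # h28..h31
        if i >= 12:
            f ^= bit(h, i + 2)             # h14, h15
        if 2 <= i <= 9:
            f ^= bit(p, i - 2)             # p0..p7
        addr |= f << i
    return addr

class FlowFilter:
    def __init__(self, rules):
        self.rules = rules                     # stand-in database: [(network, allow)]
        self.approved = [None] * (1 << 14)     # one slot per flow tag address
        self.disapproved = [None] * (1 << 14)
        self.log = []                          # record of every verdict (claim 6)

    def database_accepts(self, tag):           # first match wins, default deny (assumed)
        return next((ok for net, ok in self.rules if ip_address(tag[0]) in net), False)

    def handle(self, src, dst, proto, hdr=0):  # hdr is 0 without an upper layer header
        tag = (src, dst, proto, hdr)           # no bits masked out here
        a = flow_tag_address(*tag)
        if self.disapproved[a] == tag:         # step (d)
            verdict = ("drop", "cached")
        elif self.approved[a] == tag:          # step (e)
            verdict = ("allow", "cached")
        elif self.database_accepts(tag):       # steps (f) and (h)
            self.approved[a] = tag             # a colliding tag is overwritten (assumed)
            verdict = ("allow", "database")
        else:                                  # steps (f) and (g)
            self.disapproved[a] = tag
            verdict = ("drop", "database")
        self.log.append((tag, verdict))
        return verdict
```

Because each slot holds the full flow tag and the lookup compares it, two flows that fold to the same address evict each other and fall back to the database, but neither inherits the other's verdict.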

6. The method of claim 1, including the step of recording all allowances of access to the
information processing network and recording all discarded connectionless network packets.

7. The method of claim 6, further including the step of alerting a system administrator if the
number of discarded connectionless network packets exceeds a user-definable threshold.

8. The method of claim 6, further including the step of alerting a system administrator if the 
number of discarded connectionless network packets exceeds a user-definable threshold within a
user-definable span of time. 

9. The method of claim 3, wherein the step of discarding the connectionless network packet, adding
the flow tag to the disapproved list, and returning to step (b) if the database rejects the flow tag is
comprised of the steps of:

a) comparing the flow tag to any data stored on the disapproved list at the flow tag
address;

b) determining that the flow tag is on the disapproved list if a match occurred in the last
step;

c) discarding the connectionless network packet; 

d) adding the flow tag to the disapproved list; and 

e) returning to step (b). 

10. The method of claim 9, wherein the step of allowing the connectionless network packet access
to the information processing network, adding the flow tag to the approved list, and returning to
step (b) if the database accepts the flow tag is comprised of the steps of:

a) comparing the flow tag to any data stored on the approved list at the flow tag address;

b) determining that the flow tag is on the approved list if a match occurred in the last
step;

c) allowing the connectionless network packet access to the information processing 
network; 

d) adding the flow tag to the approved list; and 

e) returning to step (b). 

11. The method of claim 10, further including the step of recording all allowances of access to 
the information processing network and recording all discarded connectionless network packets. 

12. The method of claim 11, further including the step of alerting a system administrator if the 
number of discarded connectionless network packets exceeds a user-definable threshold.

13. The method of claim 11, further including the step of alerting a system administrator if the 
number of discarded connectionless network packets exceeds a user-definable threshold within a
user-definable span of time. 

14. A method of accessing an information processing network, comprising the steps of: 

a) initializing a database, an approved list, and a disapproved list, where the database 
contains rules for allowing and denying access to the information processing network, where the 
approved list includes approvals of IP packets, and where the disapproved list includes 
disapprovals of IP packets;

b) receiving an IP packet;

c) computing a flow tag based on the IP packet;

d) discarding the IP packet and returning to step (b) if the flow tag is on the disapproved
list;

e) allowing the IP packet access to the information processing network and returning to 
step (b) if the flow tag is on the approved list; 

f) comparing the flow tag to the database if the flow tag is not on the approved list and is 
not on the disapproved list; 

g) discarding the IP packet, adding the flow tag to the disapproved list, and returning to 
step (b) if the database rejects the flow tag; and 

h) allowing the IP packet access to the information processing network, adding the flow 
tag to the approved list, and returning to step (b) if the database accepts the flow tag. 

15. The method of claim 14, wherein said step of computing a flow tag is comprised of the steps 
of: 

a) extracting from the IP packet a user-definable number of bits from an IP source address,
an IP destination address, an IP protocol, an upper layer protocol header if included in the IP
packet, and data;

b) substituting all zeros for the upper layer protocol layer if none is included in the IP
packet;

c) setting a user-definable number and location of bits in the result of the last step to zero;
and

d) computing a flow tag address.

16. The method of claim 15, where said step of computing a flow tag address is comprised of the 
steps of:

a) setting a zeroth bit of the flow tag address to $f_0 = s_0 \oplus s_{14} \oplus s_{28} \oplus d_{13} \oplus d_{27} \oplus h_0 \oplus h_{16}$,
where $\oplus$ is a bitwise exclusive-or operation, $f_i$ is the ith bit of the flow tag address, where $s_i$ is the
ith bit of an IP source address, where $d_i$ is the ith bit of an IP destination address, where $p_i$ is the ith
bit of an IP protocol, and where $h_i$ is the ith bit of the upper layer protocol header;

b) setting a first bit of the flow tag address to $f_1 = s_1 \oplus s_{15} \oplus s_{29} \oplus d_{12} \oplus d_{26} \oplus h_1 \oplus h_{17}$;

c) setting a second bit of the flow tag address to $f_2 = s_2 \oplus s_{16} \oplus s_{30} \oplus d_{11} \oplus d_{25} \oplus h_2 \oplus h_{18} \oplus p_0$;

d) setting a third bit of the flow tag address to $f_3 = s_3 \oplus s_{17} \oplus s_{31} \oplus d_{10} \oplus d_{24} \oplus h_3 \oplus h_{19} \oplus p_1$;

e) setting a fourth bit of the flow tag address to $f_4 = s_4 \oplus s_{18} \oplus d_9 \oplus d_{23} \oplus h_4 \oplus h_{20} \oplus p_2$;

f) setting a fifth bit of the flow tag address to $f_5 = s_5 \oplus s_{19} \oplus d_8 \oplus d_{22} \oplus h_5 \oplus h_{21} \oplus p_3$;

g) setting a sixth bit of the flow tag address to $f_6 = s_6 \oplus s_{20} \oplus d_7 \oplus d_{21} \oplus h_6 \oplus h_{22} \oplus h_{28} \oplus p_4$;

h) setting a seventh bit of the flow tag address to $f_7 = s_7 \oplus s_{21} \oplus d_6 \oplus d_{20} \oplus h_7 \oplus h_{23} \oplus h_{29} \oplus p_5$;

i) setting an eighth bit of the flow tag address to $f_8 = s_8 \oplus s_{22} \oplus d_5 \oplus d_{19} \oplus h_8 \oplus h_{24} \oplus h_{30} \oplus p_6$;

j) setting a ninth bit of the flow tag address to $f_9 = s_9 \oplus s_{23} \oplus d_4 \oplus d_{18} \oplus h_9 \oplus h_{25} \oplus h_{31} \oplus p_7$;

k) setting a tenth bit of the flow tag address to $f_{10} = s_{10} \oplus s_{24} \oplus d_3 \oplus d_{17} \oplus d_{31} \oplus h_{10} \oplus h_{26}$;

l) setting an eleventh bit of the flow tag address to $f_{11} = s_{11} \oplus s_{25} \oplus d_2 \oplus d_{16} \oplus d_{30} \oplus h_{11} \oplus h_{27}$;

m) setting a twelfth bit of the flow tag address to $f_{12} = s_{12} \oplus s_{26} \oplus d_1 \oplus d_{15} \oplus d_{29} \oplus h_{12} \oplus h_{14}$; and

n) setting a thirteenth bit of the flow tag address to $f_{13} = s_{13} \oplus s_{27} \oplus d_0 \oplus d_{14} \oplus d_{28} \oplus$ [illegible] $\oplus h_{15}$.

17. The method of claim 14, wherein the step of discarding the IP packet, adding the flow tag to the
disapproved list, and returning to step (b) if the database rejects the flow tag is comprised of the
steps of:

a) comparing the flow tag to any data stored on the disapproved list at the flow tag
address;

b) determining that the flow tag is on the disapproved list if a match occurred in the last
step;

c) discarding the IP packet; 

d) adding the flow tag to the disapproved list; and 

e) returning to step (b).

18. The method of claim 14, wherein the step of allowing the IP packet access to the information
processing network, adding the flow tag to the approved list, and returning to step (b) if the
database accepts the flow tag is comprised of the steps of:

a) comparing the flow tag to any data stored on the approved list at the flow tag address;

b) determining that the flow tag is on the approved list if a match occurred in the last
step;

c) allowing the IP packet access to the information processing network; 

d) adding the flow tag to the approved list; and 

e) returning to step (b). 



19. The method of claim 14, further including the step of recording all allowances of access to 
the information processing network and recording all discarded IP packets. 

20. The method of claim 19, further including the step of alerting a system administrator if the 
number of discarded IP packets exceeds a user-definable threshold.

21. The method of claim 19, further including the step of alerting a system administrator if the 
number of discarded IP packets exceeds a user-definable threshold within a user-definable span of
time.

22. The method of claim 16, wherein the step of discarding the IP packet, adding the flow tag to the
disapproved list, and returning to step (b) if the database rejects the flow tag is comprised of the
steps of:

a) comparing the flow tag to any data stored on the disapproved list at the flow tag
address;

b) determining that the flow tag is on the disapproved list if a match occurred in the last
step;

c) discarding the IP packet; 

d) adding the flow tag to the disapproved list; and 

e) returning to step (b). 

23. The method of claim 22, wherein the step of allowing the IP packet access to the information
processing network, adding the flow tag to the approved list, and returning to step (b) if the
database accepts the flow tag is comprised of the steps of:

a) comparing the flow tag to any data stored on the approved list at the flow tag address;

b) determining that the flow tag is on the approved list if a match occurred in the last
step;

c) allowing the IP packet access to the information processing network; 

d) adding the flow tag to the approved list; and 

e) returning to step (b).

24. The method of claim 23, further including the step of recording all allowances of access to
the information processing network and recording all discarded IP packets.



25. The method of claim 24, further including the step of alerting a system administrator if the 
number of discarded IP packets exceeds a user-definable threshold.

26. The method of claim 24, further including the step of alerting a system administrator if the 
number of discarded IP packets exceeds a user-definable threshold within a user-definable span of
time. 

27. A device for accessing an information processing network, comprising:

a) a flow management unit, having a first input/output bus for receiving a flow, having a
second input/output bus for transmitting the flow, and having a third input/output bus;

b) a first connectionless network flow processor, connected to the third input/output bus of
said flow management unit, and having an input/output bus;

c) an approved list storage unit, connected to the input/output bus of said first connectionless
network flow processor;

d) a disapproved list storage unit, connected to the input/output bus of said first
connectionless network flow processor;

e) a flow command processor, connected to the third input/output bus of said flow
management unit, and having an input/output bus;

f) a second connectionless network flow processor, connected to the input/output bus of
said flow command processor, and having an input/output bus;

g) a connectionless network address database unit, connected to the input/output bus of said
second connectionless network flow processor;

h) a memory management unit, connected to the third input/output bus of said flow
management unit, and having an input/output bus; and

i) a memory unit, connected to the input/output bus of said memory management unit.